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The present invention 
makes an electronic visitor's 
badge available to a person 
visiting a host computer 
protected by firewalls, 
and solves the problem 
of providing flexible, user 
friendly, access without 
compromising security. The 
present invention permits 
persons located behind an 
address translating firew all, 
which only allows HTTP, to 
obtain controlled access to 
privileged data information 
without compromising 
data security. The badge 
establishes a reliable contact 
from which only trustworthy 
instructions will emanate, 
i.e. the instructions will only 
come from an approved and 
security cleared visitor. Initial 
contact between a visitor and 
the host, i.e. an individual 

responsible for operation of the host computer, is established via a telephone conversation over the PSTN. Visitor and host agree on 
a password, or code word. The code is added, possibly in encrypted form, to the source code of an electronic badge. The electronic 
badge may be a Java applet which is compiled and placed on a webserver protected by the password. When downloaded onto a visitor's 
computer, the electronic badge mediates communication between the visitor's computer and a protected host computer. The present 
invention can be used in any situation where individuals wish to work on a common computer and it is not possible to exchange hardware, 
but the individuals are able to recognize each others voices. The invention facilitates secure control of access to a secure computer facility 
via exchange of identity badges over the internet. 
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lmprovements In, «r Relating to. Electronic Badges 

The present invention relates to a telecommunications system employing 
electronic security badges to provide temporary access to a computer system 
protected by firewalls, methods of providing temporary, controlled, access to a 
secure computer system, and an administration computer architecture for use with 
a telecommunications system employing electronic security badges. 

With modem data communications technology, it is frequently desirable to 
give a site visitor access to a secure computer system over electronic transmission 
systems. For example, it may be desirable to hold a conference, or virtual meeting, 
in cyberspace, which is hosted on a secure computer, to which general public 
access is denied for security reasons. In such a meeting, it may be necessary for 
a visitor to run applications software on the host computer. However, the person 
hosting such a meeting may well wish to limit a visitor's access to a certain set of 
the applications available on the host computer. If access to the host computer is 
given to a visitor, this will, to some extent, compromise the security of the host 
computer, unless special steps are taken to protect the host computer . 

Existing systems for providing access to computers protected by firewalls 
are either inflexible and difficult for a visitor to use, or ineffective in terms of 
preserving the security of the home computer. 

The present invention makes an electronic visitor's badge available to a 
person visiting a host computer protected by firewalls, and solves the problem of 
providing flexible, user friendly, access without compromising security. The present 
invention permits persons located behind an address translating firewall, which only 
allows HTTP, to obtain controlled access to privileged data information without 
compromising data security. The badge establishes a reliable contact from which 
only trustworthy instructions will emanate, i.e. the instructions will only come from 
an approved and security cleared visitor. 

Initial contact between a visitor and the host. i.e. an individual responsible 
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for operation of the host computer, is established via a telephone conversation over 
the PSTN. Visitor and host agree on a password, or code word. The code is 
added, possibly in encrypted form, to the source code of an electronic badge. The 
electronic badge may be a Java applet which is compiled and placed on a 
webserver protected by the password. When this -applet" is run via port 80, i.e. the 
port used for communication through a firewall, the code in the control server is 
correlated to the code presented by the badge, in other words, it does not matter 
that the firewall between visitor and host has changed the IP address. 

The present invention can be used in any situation where individuals wish 
to work on a common computer and it is not possible to exchange hardware, but 
the individuals are able to recognize each others voices. The invention facilitates 
secure control of access to a secure computer facility via exchange of identity 
badges over the Internet. 



The present invention strengthens the link between three security elements: 
voice recognition; 



knowledge of a password; and 



possession of an electronic badge r i.e. an applet 
and manages a translating/masking firewall, via port 80. 

According to a first aspect of the present invention, there is provided a 
telecommunications system adapted to act as a platform for electronic meetings, 
comprises a visitor's computer, an administration computer, an application 
computer, a firewall protecting said application computer and a transmission path 
over the Internet, characterised in that communications between said visitor's 
computer and said application computer are mediated by an electronic badge 
generated by said administration computer and operating on said visitor's 
computer. 
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Said administration computer and application computer may be realised on 
a single data processing machine. 

Alternatively, said administration computer and application computer may 
be distinct data processing machines, and communications between said visitor's 
computer and said application computer may be controlled by a firewall located in 
said administration computer. 

Said administration computer may be protected by a firewall. 

Said electronic badge may be an applet containing data identifying a visitor, 
a password, and a list of access rights relating to software applications running on 
said application computer. 

Said list of access rights may permit access to one, or more, software 
applications. 

Said applet may be adapted to run on said visitor's computer and cause 
one, or more, icons to be displayed on a VDU associated with said visitor's 
computer. 

Said administration computer may include a control panel linked to a web 
server adapted to issue electronic badges. 

Said administration computer may include a control server linked to said 
control panel and said web server, and a database of access rules linked to said 
control server. 

Said control server may be linked to a firewall protecting said application 
computer, and said database of access rules may be linked to said firewall 
protecting said application computer. 

Access to said webserver may be controlled by a password protection 

means. 
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An electronic visitor's badge may be created from said control panel and 
deposited for collection on said webserver. 

Said visitor's computer may download said electronic visitor's badge by 
accessing said web server and giving a password and visitor identification. 

Access rights associated with said visitor's badge may be altered while said 
visitor computer is connected to said application computer. 

Said visitor's badge may be adapted to self destruct on receipt of a signal 
from said control server. 

According to a second aspect to the present invention, there is provided a 
method of establishing access for a visitors computer to an application computer 
protected by a firewall generated by an administration computer, over the Internet 
characterised by mediating communications between said visitor's computer and 
sa,d application computer with an electronic badge generated on said administration 
computer and operating on said visitor's computer. 

Said administration computer and said application computer may be realised 
on a single data processing machine. 

Said administration computer and application computer may be realised as 
distinct data processing machines, and communications between said visitor's 
computer and said application computer may be controlled through a firewall 
located in said administration computer. 

Said administration computer may be protected with a firewall. 

J 

Said electronic badge may be an applet containing data identifying a visitor 
a password, and a list of access rights relating to software applications running on 
said application computer. 

Said list of access rights may permit access to one. or more, software 
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applications. 

Said applet may ain on said visitor's computer and cause one, or more, 
icons to be displayed on a VDU associated with said visitor's computer. 

Said administration computer may include a control panel linked to a web 
server adapted to issue electronic badges. 

The method may include the steps of: 

- - establishing a voice link over the PSTN between a person operating 
said visitor's computer, herein referred to as a visitor, and a person 
operating said administration computer, herein referred to as a host; 

said host establishing that said visitor has clearance to access said 
application computer, and 

assigning and communicating a password to said visitor over said 
voice link. 

Said administration computer may include a control server linked to said 
control panel and said web server, and a database of access rules linked to said 
control server. 

Said control server may be linked to a firewall protecting said application 
computer, and said database of access rules may be linked to said firewall 
protecting said application computer. 

Access to said webserver may be controlled by a password protection 

means. 

Said host may create an electronic visitor's badge by actuation of said 
control panel and depositing said electronic visitor's badge, for collection by said 
visitor, on said webserver. 
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Said visitor may access said webserver over the internet, giving said 
password, and downloading said electronic visitor's badge. 

Said method may include the steps of: 

- said visitor requesting access, while connected to said application 
computer, to a first software application, not pre-authorised on said 
electronic visitor's badge; 

said control panel giving an alarm condition; 

said host confirming over said voice link that said visitor has 
requested access to said first software application; and 

- modifying the access rights associated with said electronic visitor's 
badge via said control panel. 

co** V ' S "°' S ^ ^ ^ — "* * • *- *» said 

control server. 

According to a third aspect of the present invention, there is provided an 
miration ~. for use with a telecommunications system adapted to a^ 
as a platform for electronic meetings, said administration computer having a firewall 
protect^ an app.ication computer, characterised in that said administration 
computer ,s adapted to create an electronic badge to mediate communications 
between a visitor's computer and said application computer. 

Said administration computer and application computer may be rea.ised on 
a single data processing machine. 

Said administration computer and application computer may be distinct data 
processing machines. 



administration computer may be protected by a firewall. 
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Said electronic badge may be an applet containing data identifying a visitor, 
a password, and a list of access rights relating to software applications running on 
said application computer. 

Said list of access rights may permit access to one, or more, software 
applications. 

Said applet may be adapted to run on said visitor's computer and cause 
one, or more, icons to be displayed on a VDU associated with said visitor's 
computer. 

Said administration computer may include a control panel linked to a web 
server adapted to issue electronic badges. 

Said administration computer may include a control server linked to said 
control panel and said web server, and a database of access rules linked to said 
control server. 

Said control server may be linked to a firewall protecting said application 
computer, and said database of access rules may be linked to said firewall 
protecting said application computer. 

Access to said webserver may be controlled by a password protection 

means. 

An electronic visitor's badge may be created from said control panel and 
deposited for collection on said webserver. 

Access rights associated with said visitor's badge may be altered while a 
visitor computer is connected to said application computer. 

Embodiments of the invention will now be described, by way of example, 
with reference to the accompanying drawings, in which: 
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Figure liHustrates, in schematicform, an overview of a telecommunications 
system, according to the present invention. 

Figure 2 illustrates, in greater detail, the administration computer and 
application computer of Figure 1 . 

Figure 3 illustrates, in greater detail, the participator computer of Figure 1 . 

namely:^ * "* *** ^ main co "«. 

a control server, 6, see the accompanying drawings; 

a control panel, 4; 



a visitor's badge, in the form of an applet, 9; 
firewalls, 17, 24 and 7; 
a webserver, 5; 



a PSTN telephone link, 1,2 and 3; and 
applications software, 13, 14 and 15. 



As, Heated in (he accompanying tm^.mommutmm^m 
wh,ch supper sec^ emmunioatton ^ , „ ^ 

8, a™, application, cr ho* computer. 24. has an adminisMlc, ^ 
19. Ih Mt* compute, 8. is linked „ ia a firewall. , 7. «o ,he Interne. ,8. and 
thence taugh nrewall. 24, ,„ the ^ 

»mputer, ,9. includes a websenrer, 5. tor issuing *»* badges In Ihe form of 
Java applets, and is protected by e password recognition unit, 20 The 
administration computer includes a control panel, 4. which may take the torn, of a 
..sua, scram based Menace, alien, an operator to conhol the administration 
compter and me issue of elecbonic badges. Each badge is in the torn, o» an 
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applet which, when run on a visitor's computer, such as 8, includes a series of icons 
for a range of applications on the application computer, to which the visitor is given 
access rights by the electronic badge. In the case of the embodiment illustrated in 
the drawings, these applications include applications 13, 14, and 15 which might be 
MS-Netmeeting, Word 6, and Coral Draw 6. 

The administration computer also includes a control server, 6, which controls 
a server, 16, carrying the access rules for the application computer, 34, and the 
firewall, 7, which protects the application computer. Access to the individual 
applications packages 13, 14, and 15, is controlled individually via the firewall, so 
that access may be granted to one, two, or all of applications 13 to 15, depending 
on the access rights granted to a given electronic visitor's badge. Access rights 
associated with an electronic badge may be altered during the course of a meeting, 
or conference, via the control panel and control server, giving true dynamic control. 

In operation, a visitor and host speak to each other over the telephone link 
1 , 3, 2. They agree a password and the access rights the visitor will have. The host 
may identify the visitor by his/her voice, or by exchange of personal information, a 
PIN number, or the like. Once identification has been established to the satisfaction 
of the host, a password is issued orally to the visitor. The host then set ups an 
electronic visitor's badge for the host on the webserver 5, including the agreed 
password and the agreed access rights for the visitor. The electronic visitor's 
badge now resides on webserver 5 and awaits collection by the visitor. 

The visitor can now set up a data link over the Internet to control server, 6 
on a channel 24. It should be noted that the different communications channels 24, 
35, 27,26 and 25 are labelled for easy identification in the drawings and may, in fact, 
represent a single communications link. The visitor is then requested to give her/his 
password, which is authenticated by the password protection unit 20, which, in turn, 
permits the electronic badge to be transmitted to the visitor's computer. On receipt 
by the visitor's computer, the electronic password, which as previously stated is a 
Java applet, runs on the visitor's computer. The electronic badge causes a number 
of icons to be displayed on the visitor's computer, 10, 1 1 , and 1 2. By actuating the 
icons, the visitor obtains access via firewall 7, to the applications 13, 14 and 15 
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me pasewccd inaluctons encoded ,„ me el ectonic visltora badge and me acceaa 

rz:r r,6 ' ai ' o,whichcmbeconMted ^'^-'---- 



A « 1 ™8''^i»^adi^d ra w l n S5 .thaad ml ni Slrat ioncompu t e,.,9 and 
poaa,b,e to rcabae bom computer on a S |„ gle data processing macnirK . 

Consider the following scenario. 

hosth T "r7 S,artS ''° rMhOS, ' a9ree,0h0 ' dameetln 3° wl '«^ The 
hoa. has. « „,s diaposal. a compter eyatem called fta Control Lab Room Sya«em 

. spared to bos, tbe mee*, on tb,s oontpute, On ft. teiephone. «be boa! 

rc^Trr mteraTOan<,passworttoavisi, ^ b ^^-<ben 

be ensated. Tbe bos, aba by me contol pane, c me Conto, Lab Room Syatem and 
creates «n,e rdsbora badge, and a, «. tfage connecte certain pr^legea to ate 
badge. For examp,e. me viator wB be ,»owed, on stowing his/her badge. ,be ngb, 

ITa!? 8 "" 9 "** °" «» ^ — ■ ^ 

^sbadge 1Sto dgedonme^bserver^cbbe,ong S ,o m e S ys,em. 11 ,e, i a«or 
*™drawa and aebvetos me badge vfaaapeola, website. m. receptee. Tbe name 

n paasword ,o ge, aec.es ,o me badge are moae wbich me bos, and - viator 
have agreed on me .eieptone. Tbe bos, M s« ^en »te badge bas been 
a*a,ed. rfa «. cento, pan,, .nd..mehas,gi„eea re cdp, ror m.,cav«,on me 

.^rr^^^^^^^^^^-bie.be 

vador ,o redoes, acceaa ,o a ra „ge o, tactons avaiiabie on me appbeabon 
oompotor. e.g. video, or a protected webserver. The boa, and me visitor stort by 

o^MS.Netoeebng.Sincemehos.ccea.edmeviaborab.dgewbbdgn.aC 
eqmpmen,. « will stort wbbou, any freah intenrention via the conbol panel. 

Aner a wbile. bowever. m .labor warns ,o eefcblisb a connector wi,b a 
wdao camera «cb sbows me boa,, congee room. Bete ber^e baa 
requeued permission ,o do this, he/sbe starts bia/ber video CienL When ,bis 
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happens, the control panel displays an alarm message, which shows that a visitor 
is trying to use a function for which the visitor has not been granted access rights. 
The host now asks the visitor, via the telephone link, if the attempt emanated from 
the visitor and, on receipt of a positive response, allocates, via a simple button 
press, the visitor with the right to establish the connection. 

Now, suppose a hacker, called Charlie, tries to get access to the same video 
channel. Earlier in the week Charlie had intercepted IP-traffic which contained a 
visitor's badge. However, when he tried to use the badge, the host immediately 
identified the badge as time expired, and immediately excluded him from the 
conference. This time Charlie tries to steal the visitor's video flow. He is stopped 
once again, this time because the control server of the Control Lab Room System 
does not succeed in communicating with the visitor's badge which all authorized 
visitors must have. This causes a new alarm to be given. If the visitor, via the 
telephone, does not affirm that he has just opened a new client session, and the 
host is not satisfied that this second session also belongs to the visitor, the host 
refuses connection. Furthermore, the host will ignore all inquiries from that source 
for the remainder of the conference. The rest of the conference turns out well and, 
at the end of the conference, the host withdraws the visitor's badge by means of the 
control server, via its channel to the badge, issuing an instruction to the badge to 
self destruct. 

In slightly more technical detail the course of events can be explained as 

follows. 

The firewall informs the control server of an attempt to establish a 
connection which, based on pre-existing rules, the status of the visitor's badge and 
user control from the control panel, accepts, or denies, the connection, by creating 
a rule for the firewall to follow for this and similar connection attempts. 

The visitor's badge is the critical point. Because it is an applet, it must be 
shown in a webreader on the visitor's screen in order to execute. If it is clicked 
away, it stops executing, and with that ceases to be valid. The source code of the 
visitor's badge includes the visitor's identity, together with the time period(s) for 
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which it is valid. It must show this information to make the control server accept a 
connection from it and, implicitly, from the location from which a person attempts to 
access the application computer. 

The control server is the hub of the system. The control server creates the 
visitor's badge in accordance with instructions received from the control panel and 
places the visitor's badge on the webserver as described above. When the badge 
has been drawn from the webserver, it establishes contact with the control server. 
If the badge is still active, all manipulations the host performs with the badge on the 
control panel are reflected on the badge at the visitor's computer, and vice verse. 
The control server also controls the firewall, which provides the security for the 
conference. 

The firewall has a number of rules to follow, like all firewalls. The difference 
here is that the host can dynamically change these rules, based on: 

judgment of the telephone part of the conference; and 

the guarantee the visitor's badge gives about the identity of the 
person operating the computer connected through, or seeking 
connection through, the firewall. 

The control panel gives the host a view of the whole system. All badges 
which have been distributed can be seen here, together with the functions that are 
active. All events which the host can influence in the system are shown on the 
control panel via the same interface as the visitor has, i.e. the badge. 
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CLAIMS 

1. A telecommunications system adapted to act as a platform for electronic 
meetings, comprising a visitor's computer, an administration computer, an 
application computer, a firewall protecting said application computer and a 
transmission path over the Internet, characterised in that communications between 
said visitor's computer and said application computer are mediated by an electronic 
badge generated by said administration computer and operating on said visitor's 
computer. 

2. A telecommunications system, as claimed in claim 1, characterised in that 
said administration computer and application computer are realised on a single data 
processing machine. 

3. A telecommunications system, as claimed in claim 1, characterised in that 
said administration computer and application computer are distinct data processing 
machines, and in that communications between said visitor's computer and said 
application computer are controlled by a firewall located in said administration 
computer. 

4. A telecommunications system, as claimed in any previous claim, 
characterised in that said administration computer is protected by a firewall. 

5. A telecommunications system, as claimed in any previous claim, 
characterised in that said electronic badge is an applet containing data identifying 
a visitor, a password, and a list of access rights relating to software applications 
running on said application computer. 

6. A telecommunications system as claimed in claim 5, characterised in that 
said list of access rights may permit access to one, or more, software applications. 

7. A telecommunications system, as claimed in either claim 5, or 6, 
characterised in that said applet is adapted to run on said visitor's computer and 
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cause one, or more, icons to be displayed on a VDU associated with said visitor's 
computer. 

8. A telecommunications system, as claimed in any previous claim, 
characterised in that said administration computer includes a control panel linked 
to a web server adapted to issue electronic badges. 

9. A telecommunications system, as claimed in claim 8, characterised in that 
said administration computer includes a control server linked to said control panel 
and said web server, and a database of access rules linked to said control server. 

10. A telecommunications system, as claimed in claim 9, characterised in that 
said control server is linked to a firewall protecting said application computer, and 
in that said database of access rules is linked to said firewall protecting said 
application computer. 

11. A telecommunications system, as claimed in claim 1 0, characterised in that 
access to said webserver is controlled by a password protection means. 

12. A telecommunications system, as claimed in any of claims 8 to 11, 
characterised in that an electronic visitor's badge can be created from said control 
panel and deposited for collection on said webserver. 

13. A telecommunications system, as claimed in any of claims 8 to 12. 
characterised in that said visitor's computer can download said electronic visitor's 
badge by accessing said web server and giving a password and visitor 
identification. 

14. A telecommunications system, as claimed in any of claims 8 to 13, 
characterised in that access rights associated with said visitor's badge can be 
altered while said visitor computer is connected to said application computer. 

15. A telecommunications system, as claimed in any of claims 8 to 14, 
characterised in that said visitor's badge is adapted to self destruct on receipt of a 
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signal from said control server. 

16. A method of establishing access for a visitor's computer to an application 
computer protected by a firewall generated by an administration computer, over the 
Internet, characterised by mediating communications between said visitor's 
computer and said application computer with an electronic badge generated on said 
administration computer and operating on said visitor's computer. 

17. A method, as claimed in claim 16, characterised by realising said 
administration computer and said application computer on a single data processing 
machine. 

18. A method, as claimed in claim 16, characterised by realising said 
administration computer and application computer as distinct data processing 
machines, and by controlling communications between said visitor's computer and 
said application computer through a firewall located in said administration computer. 

19. A method, as claimed in any of claims 16 to 19, characterised by protecting 
said administration computer with a firewall. 

20. A method, as claimed in any of claims 16 to 19, characterised by said 
electronic badge being an applet containing data identifying a visitor, a password, 
and a list of access rights relating to software applications running on said 
application computer. 

21 . A method, as claimed in claim 20, characterised by said list of access rights 
permitting access to one, or more, software applications. 

22. A method, as claimed in either claim 20, or 21 , characterised by said applet 
running on said visitor's computer and causing one, or more, icons to be displayed 
on a VDU associated with said visitor's computer. 

23. A method, as claimed in any of claims 16 to 22, characterised by said 
administration computer including a control panel linked to a web server adapted 
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to issue electronic badges. 

24. A method, as claimed in claim 23, characterised by the steps of: 

establishing a voice link over the PSTN between a person operating 
said visitor's computer, herein referred to as a visitor, and a person 
operating said administration computer, herein referred to as a host; 

said host establishing that said visitor has clearance to access said 
application computer, and 

assigning and communicating a password to said visitor over said 
voice link. 

25. A method, as claimed in either claim 23. or 24, characterised by said 
administration computer including a control server linked to said control panel and 
said web server, and a database of access rules linked to said control server. 

26. A method, as claimed in claim 25, characterised by said control server being 
linked to a firewall protecting said application computer, and by said database of 
access rules being linked to said firewall protecting said application computer. 

27. A method, as claimed in claim 26, characterised by controlling access to 
said webserver with a password protection means. 

28. A method, as claimed in any of claims 24 to 27, characterised by said host 
creating an electronic visitor's badge by actuation of said control panel and 
depositing said electronic visitor's badge, for collection by said visitor, on said 
webserver. 

29. A method, as claimed in any of claims 24 to 28. characterised by said visitor 
accessing said webserver over the Internet, giving said password, and downloading 
said electronic visitor's badge. 
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30, A method, as claimed in any of claims 24 to 29, characterised by the steps 
of: 

said visitor requesting access, while connected to said application 
computer, to a first software application, not pre-authorised on said 
electronic visitor's badge; 

said control panel giving an alarm condition; 

said host confirming over said voice link that said visitor has 
requested access to said first software application; and 

modifying the access rights associated with said electronic visitor's 
badge via said control panel. 

31. A method, as claimed in any of claims 24 to 30, characterised by said 
visitor's badge self destructing on receipt of a signal from said control server. 

32. An administration computer, for use with a telecommunications system 
adapted to act as a platform for electronic meetings, said administration computer 
having a firewall protecting an application computer, characterised in that said 
administration computer is adapted to create an electronic badge to mediate 
communications between a visitor's computer and said application computer. 

33. An administration computer, as claimed in claim 32, characterised in that 
said administration computer and application computer are realised on a single data 
processing machine. 

34. An administration computer, as claimed in claim 32, characterised in that 
said administration computer and application computer are distinct data processing 
machines. 

35. An administration computer, as claimed in any of claims 32 to 34, 
characterised in that said administration computer is protected by a firewall. 
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36. An administration computer, as claimed in any of claims 32 to 34, 
characterised in that said electronic badge is an applet containing data identifying 
a visitor, a password, and a list of access rights relating to software applications 
running on said application computer. 

37. An administration computer as claimed in claim 36, characterised in that 
said list of access rights may permit access to one, or more, software applications. 

38. An administration computer, as claimed in either claim 36, or 37, 
characterised in that said applet is adapted to run on said visitor's computer and 
cause one, or more, icons to be displayed on a VDU associated with said visitor's 
computer. 
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39. An administration computer, as claimed in any of claims 32 to 38. 
characterised in that said administration computer includes a control panel linked 
to a web server adapted to issue electronic badges. 

40. An administration computer, as claimed in claim 39, characterised in that 
said administration computer includes a control server linked to said control panel 
and said web server, and a database of access rules linked to said control server. 

41. An administration computer, as claimed in claim 40, characterised in that 
said control server is linked to a firewall protecting said application computer, and 
in that said database of access rules is linked to said firewall protecting said 
application computer. 

42. An administration computer, as claimed in claim 41, characterised in that 
access to said webserver is controlled by a password protection means. 
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43. An administration computer, as claimed in any of claims 36 to 42, 
characterised in that an electronic visitor's badge can be created from said control 
panel and deposited for collection on said webserver. 
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44. An administration computer, as claimed in any of claims 36 to 42, 
characterised in that access rights associated with said visitor's badge can be 
altered while a visitor computer is connected to said application computer. 
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